package org.xx.armory.spring5.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.GrantedAuthority;

import java.util.Collection;

import static org.springframework.security.core.authority.AuthorityUtils.createAuthorityList;
import static org.xx.armory.spring5.security.WebSecurityConfig.ROLE_ANONYMOUS;

/**
 * 允许任何身份认证通过的验证器。
 */
public class AlwaysSuccessAuthenticationProvider
        extends AbstractArmoryUserPasswordAuthenticationProvider
        implements AuthenticationProvider {
    private final Logger logger = LoggerFactory.getLogger(AlwaysSuccessAuthenticationProvider.class);

    @Override
    protected Collection<? extends GrantedAuthority> authenticate(
            String username,
            CharSequence password,
            ArmoryWebAuthenticationDetails details
    ) {
        logger.debug("Always success {}", username);

        return createAuthorityList(ROLE_ANONYMOUS);
    }
}
